terraform-provider-citrixadc
Issue: password_resetter returning error
I see that I can use the "systemuser" resource to reset the passwords of user accounts local to the ADC. I assume the "password_resetter" resource differs in that it authenticates as the user whose password is to be changed (thereby validating their existing password) and makes the change while running as that user.
However, when I run the example for "password_resetter" (for nsroot or another user account) I get an error immediately after ns.log shows a successful login for the account.
My config

```hcl
resource "citrixadc_password_resetter" "tf_resetter" {
  username     = "nsroot"
  password     = "nsroot"
  new_password = "newnsroot"
}
```
Error

```
│ Error: [ERROR] nitro-go: Failed to create resource of type login, name=, err=failed: 599 Netscaler specific error ({ "errorcode": 278, "message": "Invalid argument", "severity": "ERROR" })
│
│   with citrixadc_password_resetter.tf_resetter,
│   on resources.tf line 70, in resource "citrixadc_password_resetter" "tf_resetter":
│   70: resource "citrixadc_password_resetter" "tf_resetter" {
│
╵
```
Any help appreciated.
password_resetter is used for the first-time password reset. In that case we make a special NITRO call to set the password to a non-default value for the first time. After the user has the password set for the first time, the call is no longer valid. This is probably the cause of the error that you are seeing: trying to use password_resetter after the password for the user has been set to a non-default value.
Would handling the password change with a single resource be better?
Here, I would need to know the state of the ADC and write TF configuration with one resource if the ADC needed an initial password change but a different config for subsequent password changes. If I reran that configuration, it would presumably fail as the ADC's state would have changed.
Might it be better to handle all local user account password changes within a single TF resource and have the provider figure out the current state and make the required calls? That way, I could write a TF configuration that would successfully set the password regardless of and without knowing the ADC's current state.
If we took the approach of a single resource, could we also remove the need to define the current password? I believe we would only need the current password for the initial password change, and we're likely already using it to connect to the ADC.
Hello @stevenwright1,
We have implemented a new resource, citrixadc_change_password, which can be used to change the password of the ADC.
Please refer here for docs.